English security researcher NCC Group recently came forward with a new exploit they discovered that could allow hackers to remotely seize control of a vehicle through its infotainment systems.
The hack was demonstrated live to Wired magazine by Chris Valasek and Charlie Miller, two members from a second, American-based security group. By tapping into a Jeep Cherokee's internet-connected entertainment/navigation system, the two were able to gain control over key several of the vehicle's key components, including its engine, accelerator, and brakes. (link to source?)
They were able to execute the attacks by broadcasting radio signals from their phones that bundled malicious code with text and picture messages the car was built to receive. While the reporter driving the hijacked car expected the hackers to be able to play with his windshield wipers, music, and air conditioning, he didn't realize just how serious a threat the glitch posed.
Chrysler has already released a patch for the problem, though NCC Group says that their code could be tweaked to work on a wide range of cars from a large number of manufacturers.
Despite the quick fix, this vulnerability is a symptom of a much wider scale problem: as more and more autonomous features are added to our motor-vehicles, they become more vulnerable to different avenues of cyber attacks.
Security experts have pointed out that the time and money necessary for developing these exploits is well out of the range of the vast majority of criminals, though it's not an impossibility for large organizations with a great deal of funding.
Here at Greening Testing Laboratories, we do our best to stay on top of all of the latest technological trends in the automotive industry. Our services are employed by many of the world's leading automakers to assess the performance of their vehicle brakes, components and materials. GM has recognized our facilities as suitable for the most demanding and accurate tests, following the guidelines of all major standards organizations.